Identity Security in Production
As the digital sphere expands and modern technology continues to advance, cybersecurity leaders recognize the importance of protecting identities. Identity security is essential to manage all organizational user and system information safely. Within the entertainment industry, lack of identity strategy can pose a large threat to productions if not properly secured. Using a strong identity strategy can enable productions to take advantage of a digital strategy while incorporating strong security measures.
Identity protection essentially amounts to the act of identifying someone logging in to a system, ensuring they are who they say they are, limiting them to only what they need to perform their roles and, most importantly, protecting the system from unwanted access. However, in the age of advanced cyberattacks, or any attempt to gain unauthorized access to data with malice, cybercriminals are privy to the knowledge that attacking identities is far easier than trying to break into websites or other systems directly. The simple mantra for these hackers is to take the path of least resistance to be successful.
An example that illustrates this strategy is the prevalence of phishing emails and their success rates. Phishing consists of cybercriminals sending fraudulent emails, allegedly from reputable companies, in the hopes of gaining access to private personal data, including passwords and credit card numbers. According to the 2020 FBI Internet Crime Report, not only is phishing the most common type of cybercrime but the click through rate of these attacks are as high as 35%! Simply put, an attacker can organize a phishing campaign with little effort and get approximately ⅓ of all people to click on the fraudulent link. This type of ransomware alone accounts for adjusted losses of over $54 million. In the past, the costs of broad-scale phishing campaigns were substantially higher due to the cost of access to servers, internet services, and data such as email lists. However, that dynamic has changed drastically in 2021. This is largely due to the increasing use of cloud-based systems, the prospect of global reach, and the broad scale of compromised email lists and other data. The accessibility and widespread use of technology today has led to high success rates, ease of use, and low costs of attack for criminals online; now that’s a recipe for disaster!
The simple mantra for these hackers is to take the path of least resistance to be successful.
In 2020, the entertainment and production industry began a rapid adoption of digital tools and processes beneficial to the trade. However, while this accelerated move to adopt digital solutions was advantageous to the industry, it also created critical new risks to consider, specifically regarding identity protection.
Let’s review 5 strategies to manage identity risk within the entertainment industry:
1. Simplicity of Access
Studios, production offices, and sets are fast-paced environments, therefore, simplifying the complexity of access management is paramount to success. While facilitating this access, it is equally important to ensure strong security is applied, ideally involving simple user interaction but with advanced security controls applied. In this technological age, a username and password are not enough to protect sensitive data. Even longer or more complicated passwords can lack the type of protection needed in today’s risk landscape.
Solution: Utilize enterprise products and services that have integrated identity platforms, which are valuable for managing the identities of users and devices in a centralized fashion. For example, any multi-factor authentication (MFA) support, requiring several verification factors to gain access to private data, is an excellent step in the right direction! This identity service offers easier access to systems for users, while leveraging secure protocols and maintaining a shielded profile throughout. At Entertainment Partners, we leverage an advanced security platform that allows employees to gain access to information efficiently, while simultaneously offering strong security protocols, ensuring the protection of private data.
2. Content Security
It’s no secret that productions are intent on protecting their content, and identity protections are a key linchpin in a production’s cybersecurity strategy. However, it’s important to keep in mind that solid identity protection does not stop at “the front door” of a system. Rather, it is pervasive and consistent through the lifecycle of products and services.
Solution: Advanced identity protections must include protecting data both at rest and in transit. This means identities are bound in the data within the systems themselves, ensuring the secure transport of information as it moves in and out of these systems. Here at EP, we have implemented advanced encryption protocols and systems that tie a user’s identity to the access and data storage itself, combining a triad of identity protections. This acts as a multifaceted way to protect sensitive data and production content.
Advanced identity protections must include protecting data both at rest and in transit.
3. Managing Cost
As more and more businesses start their digital transformations, it is costly from an onboarding perspective as well as an operational standpoint. Production staff are often expected to release quality content to the public quickly, which now generally involves the use of upgraded digital tools. However, while the entertainment industry increases its use of technology, it is critical to shield identities throughout or productions can be delayed substantially. Furthermore, these productions can be delayed if operational use is arduous on a day-to-day basis, increasing costs overall.
Solution: Partner with a provider that offers digital onboarding tools as a central part of the production ecosystem. Suppose a provider offers some digital tools, but fails to offer digital onboarding. The entire process is not only more difficult but also becomes significantly more prone to identity breaches! Physical items, such as paper records, have high maintenance costs and are much more difficult to keep secure. With Entertainment Partners, production workers can utilize a single identity to access end-to-end onboarding capabilities, time management, employee reporting, and more! This ensures identity protection while keeping operational costs low throughout.
4. Governance and Compliance
The production industry operates globally, requires contractual obligations to support services such as unions and, in many cases, must meet strict privacy and security requirements depending on location. In order to meet these governance and compliance expectations, it is essential to employ proper identity protection strategies.
Solution: Choose a provider that has clearly demonstrated their commitment to global security and privacy frameworks, such as ISO 27001, SOC1, and SOC2. These valuable auditing procedures ensure that service providers securely manage data, which ultimately protects the interests of any organization and the privacy of its clients. At EP, we have long demonstrated our commitment to security through years of being ISO 27001 certified, as well as years of SOC1 and SOC2 compliance.
5. Supply Chain Risk-Management
The digital supply chain in the entertainment industry is vast and interconnected. Productions, specifically, rely on a number of suppliers to provide all of the tools and services necessary to produce content successfully. Supply chain security risks are an increasing threat to the industry due to varied levels of immaturity and a lack of investment in the solution to these exposures.
Solution: Execute a vendor risk management (VRM) strategy, prior to engaging with a new supplier. Ideally automated and typically sent through detailed security questionnaires, a VRM strategy should include a process of assessing the provider on their overall security fitness. Additional validation may lead to supplementary security tests, including penetration testing to detect any hidden system flaws and evaluate the security of the IT infrastructure. It is vital that during this assessment process, proper due diligence is completed using qualified security personnel to gauge supplier response and review evidence of performance. While enabling the VRM process requires additional effort by the company, it is an effective way to bypass immature suppliers and ensure the long-term welfare of productions. Entertainment Partners continues to promote security maturity through our commitment to standards and certifications, as well as our detailed and secure engagements with customers and internal suppliers.
Fast changes in technology and increasingly common cyberattacks have made advanced identity protection and cybersecurity essential to any industry. The production industry has an especially high stake in protecting this sensitive data, personal information, and content. It is imperative to consider strategies to minimize these security-risks to properly protect your business and your people! While implementing these identity protection procedures may demand supplementary effort, the benefit and profitability of proper cybersecurity is undeniably worthwhile for any company.